IDA Batch Decompile is a plugin for Hex-Ray’s IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file
Usage
idascript (gui mode)
- open target, wait for analysis to finish
IDA Pro -> File/Script file... -> <this_python_script>IDA Pro -> File/Produce file-> IdaDecompileBatch ...- tick
Annotate StackVarSize, Annotate Func XRefs
- click
OK to decompile.
Note: File will be saved in target folder as <target_image_name.c>
idascript (cmdline batch mode)
<path_to_ida>/ida(w|w64)(.exe) -B -M -S”<path_to_this_script> \”–option1\” \”–option2\””, “<target>”`
Note that options need to be quoted with \"
Available options, see --help
--output ... output file path
--annotate-stackvar-size ... annotate function stack variable sizes
--annotate-xrefs ... annotate function xrefs
--imports ... process imports
--recursive ... recursive batch decompile
--experimental-decompile-cgraph ... experimental: manually decompile function call graph
Ida Plugin
- Follow the IDA Pro documentation on how to add python plugins.
IDA Pro -> File/Produce file -> IdaDecompileBatch ...
run
ida console: decompiling dbghelp.dll
[__main__/36908][DEBUG ] [idabatchdecompile.PLUGIN_ENTRY ] [+] initializing IdaDecompileBatchPlugin
[__main__/36908][DEBUG ] [idabatchdecompile.__init__ ] [+] is_windows: True
[__main__/36908][DEBUG ] [idabatchdecompile.__init__ ] [+] is_ida64: False
[__main__/36908][DEBUG ] [idabatchdecompile.wait_for_analysis_to_finish] [+] waiting for analysis to finish...
[__main__/36908][DEBUG ] [idabatchdecompile.wait_for_analysis_to_finish] [+] analysis finished.
[__main__/36908][DEBUG ] [idabatchdecompile.load_plugin_decompiler] [+] trying to load decompiler plugins
[__main__/36908][DEBUG ] [idabatchdecompile.load_plugin_decompiler] [+] decompiler plugins loaded.
[__main__/36908][DEBUG ] [idabatchdecompile.PLUGIN_ENTRY ] [+] Mode: commandline w/o args
[__main__/36908][DEBUG ] [idabatchdecompile.set_ctrl ] [+] IdaDecompileBatchPlugin.set_ctrl(<__main__.IdaDecompileBatchController object at 0x056FCF90>)
[__main__/36908][DEBUG ] [idabatchdecompile.init ] [+] IdaDecompileBatchPlugin.init()
[__main__/36908][DEBUG ] [idabatchdecompile.init ] [+] setting up menus
[__main__/36908][INFO ] [idabatchdecompile.PLUGIN_ENTRY ] [i] IdaDecompileBatch loaded, see Menu: ('File/Produce file/', 'IdaDecompileBatch ...')
...
The application has been completely decompiled.
[__main__/36908][DEBUG ] [idabatchdecompile.decompile_all ] [+] finished decompiling 'dbghelp.dll' as 'dbghelp.c'
Source: https://github.com/tintinweb/ida-batch_decompile
